Added workflow permissions to meet OpenSSF Scorecard requirements (#151)

michaelbeale-IL · web-flow · commit f018f0f0fcd5 · 2024-07-18T20:09:05.000Z
Added workflow permissions to meet OpenSSF Scorecard requirements.
Update github-ci.yml
diff --git a/.github/workflows/github-ci.yml b/.github/workflows/github-ci.yml
@@ -2,6 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 name: Build and Test
+permissions: read-all
 on:
   # By default this will run when the activity type is "opened", "synchronize",
   # or "reopened".
@@ -55,6 +56,8 @@ jobs:
   nix-build:
     name: '${{ matrix.os }} ${{ matrix.build_type }} shared=${{ matrix.shared_lib }}'
     runs-on: '${{ matrix.os }}'
+    permissions:
+      contents: write # required for actions/upload-artifacts@v2
     defaults:
       run:
         shell: bash
